Threat and Vulnerability Manager
Guild is hiring for a Threat and Vulnerability Manager you will be leading the Threat and Vulnerability Management team that covers application security and cloud infrastructure security across a range of technologies and environments, from mobile applications (Android and iOS) to Cloud services. You will be working directly with developers, system administrators, DevOps Teams, QA teams, and other technical subject matter experts in the field of education science and technology. You will collaborate with your colleagues in the Threat and Vulnerability Management team to help identify security vulnerabilities using vulnerability and penetration testing tools, as well as through the analysis of application code and architectural design.
We are looking for someone who wants to roll up their sleeves, provide functional expertise and counsel, and is interested in building a world class team.
As a Threat and Vulnerability Manager, you will:
- Lead the vulnerability management program for both cloud infrastructure and software development
- Manage the on-going prevention and detection of attacks against both the primary applications and the office environments
- Perform code review, penetration testing and vulnerability research
- Analyze the security of web applications, companion native mobile applications, and APIs; where issues are discovered, work cross-functionally to prioritize resolution/mitigation
- Point out common areas in web and mobile applications where developers need to be particularly conscious of security risks; Provide guidance for how to address each risk on common web stacks
- Serve as a technical reference for developers and engineers
- Understand emerging threats and provide risk reduction strategies for Guild
- Lead the use of Security Technologies such as Security Incident and Event Management (SIEM), Anti Virus, Endpoint protection, Data Loss Prevention, and Forensic tools.
- Facilitating extraction of tactical intelligence from targeted activity against Guild’s network by participating in incident response activities, and designing and implementing systems to seamlessly integrate intelligence extraction into the workflows of incident responders
- Manage, measure, analyze, and share tactical intelligence extracted from targeted intrusions;
- Identify, measure, prioritize, and communicate operational-level threats;
- Build and maintain the Threat and Vulnerability program while helping team members to execute against overall strategy;
- Manage efforts within the Cyber Threat Intelligence space; and,
- Identify, measure, manage, and fill tactical and strategic intelligence gaps at each level through circumspect analysis and fusion of external intelligence from peers and security vendors
- Review and advise on the security design of new products and applications
- Identify gaps in existing security architecture and recommend improvements
- Identify and monitor appropriate security checkpoints in the systems development life cycle.
- Implement application security activities as part of the CI/CD pipeline
- Experience with ISO 27001, NIST 800-53 and GDPR
You are a strong fit for this role if you have:
- Built or helped to build a threat and vulnerability program
- Experience with secure code tools that work in a fully automated CI/CD pipeline
- Experience with AWS or other cloud environments
- Enjoy a faced paced work environment
- Like a challenge
- Good team building skills
Guild is increasing economic mobility for working adults by partnering with the largest employers in the country to offer education as a benefit to their employees via our marketplace of nonprofit universities and education institutions. Guild’s proprietary technology platform facilitates the administration of this innovative benefit and our team of coaches helps each employee navigate the path back to school, providing individualized support from day one through program completion.
We also just became the latest female-led company to hit a $1billion valuation and the only B-corp with those qualifications. Our Series D round was led by Ken Chenault, General Catalyst Partners chairman and former CEO of AMEX, and joined by Emerson Collective, LeadEdge Capital, and Iconiq.
Guild Education is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.